diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-full-sample-powershell.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-full-sample-powershell.md
index 3983803de5..01f1b37243 100644
--- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-full-sample-powershell.md
+++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-full-sample-powershell.md
@@ -98,7 +98,7 @@ $query = "NetworkCommunicationEvents
 
 $queryUrl = "https://api.securitycenter.windows.com/advancedqueries/query"
 
-$queryBody = ConvertTo-Json -InputObject $query
+$queryBody = ConvertTo-Json -InputObject @{ 'Query' = $query }
 $queryResponse = Invoke-WebRequest -Method Post -Uri $queryUrl -Headers $headers -Body $queryBody -ErrorAction Stop
 $response =  ($queryResponse | ConvertFrom-Json).Results
 $response
diff --git a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md
index b53851bf20..c6dde9776c 100644
--- a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md
+++ b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md
@@ -77,11 +77,11 @@ Here is an example of the request.
 POST https://api.securitycenter.windows.com/advancedqueries/query
 Content-type: application/json
 {
-  "ProcessCreationEvents  
+	"Query":"ProcessCreationEvents  
 | where InitiatingProcessFileName =~ \"powershell.exe\"
 | where ProcessCommandLine contains \"appdata\"
 | project EventTime, FileName, InitiatingProcessFileName 
-| limit 2"​
+| limit 2"
 }
 ```
 
diff --git a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-app-token.md b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-app-token.md
index 39bde0a8c5..c20268f3b5 100644
--- a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-app-token.md
+++ b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-app-token.md
@@ -65,7 +65,7 @@ If you want to use **user token** instead please refer to [this](run-advanced-qu
 			AdvancedHuntingUrl, 
 			[
 				Headers = [#"Content-Type"="application/json", #"Accept"="application/json", #"Authorization"=Bearer],
-				Content=Json.FromValue(Query)
+				Content=Json.FromValue([#"Query"=Query])
 			]
 		)),
 
diff --git a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-powershell.md b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-powershell.md
index 0bb63ec221..982fec1b38 100644
--- a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-powershell.md
+++ b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-powershell.md
@@ -71,7 +71,7 @@ $headers = @{
 	Accept = 'application/json'
 	Authorization = "Bearer $aadToken" 
 }
-$body = ConvertTo-Json -InputObject $query
+$body = ConvertTo-Json -InputObject @{ 'Query' = $query }
 $webResponse = Invoke-WebRequest -Method Post -Uri $url -Headers $headers -Body $body -ErrorAction Stop
 $response =  $webResponse | ConvertFrom-Json
 $results = $response.Results
diff --git a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md
index 0f07bf3b7d..d0c7fc7712 100644
--- a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md
+++ b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md
@@ -74,7 +74,7 @@ headers = {
 	'Authorization' : "Bearer " + aadToken
 }
 
-data = json.dumps(query).encode("utf-8")
+data = json.dumps({ 'Query' : query }).encode("utf-8")
 
 req = urllib.request.Request(url, data, headers)
 response = urllib.request.urlopen(req)